Firewall Wizards mailing list archives
RE: Intrusion Detection Systems, Best of breed?
From: "Ofir Arkin" <ofir () sys-security com>
Date: Wed, 26 Dec 2001 15:50:53 -0000
If they go to the real site and then in another session they try to attack it and get redirected to another host using another stack, it will be obvious someone is fooling them. Unless you use some kind of stack scrubber or whatever.

And then of course there is the web server itself "hey look I am IIS", and other things.

Just my 2cents for Boxing Day.

Btw - not all attackers are script kiddies...

Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Marcus J. Ranum
Sent: Wed 26 December 2001 15:34
To: Ofir Arkin; 'Lance Spitzner'; 'Talisker'
Cc: 'R. DuFresne'; 'ROB SLAUGHTER'; firewall-wizards () nfr com
Subject: RE: [fw-wiz] Intrusion Detection Systems, Best of breed?

Ofir Arkin wrote:
> Another thought, you really need to make it REAL GOOD so it will not be detected easily. Hence, same Stack manipulations and other TCP/IP tricks to make it look nice...

Not really. That's the beauty of the idea. Once the Bad Guys try to identify you, they've indicated already that they're not good guys. :) Good Guys don't care what they're talking to, only whether or not it works properly. Bad Guys are the folks who try to make a connection to systems behind your firewall and fail then come back with an Nmap scan.

On the Internet, you _are_ how you act. :)

mjr.
---
Marcus J. Ranum
Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards